8f3520fe09e4bf88492d1c86b5d5724800926c5aac9f54dcffd40a849966ebc4

Analysis

max time kernel
2769174s
max time network
135s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
23/12/2023, 20:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f3520fe09e4bf88492d1c86b5d5724800926c5aac9f54dcffd40a849966ebc4.apk
Size

26.1MB
MD5

8d7b019b2eb2f0827832581e998d913a
SHA1

e75267c00ba116f4753f1ddf9a66b5bd276ed594
SHA256

8f3520fe09e4bf88492d1c86b5d5724800926c5aac9f54dcffd40a849966ebc4
SHA512

fb5e302399e110a78d0b759f6313369d1fab6394eec99f39e4c2e3b6d0a28f4056b3b75f49ddb719fe308c8d0e442da72865ce1693dd3e3d420aea7899da36ff
SSDEEP

786432:cNNcBS5p1cnP+DFPQV8gwsLouaF/W9D2EM:Uc05I+DhQO7sL2NO2Z

Score

7^/10

Malware Config

Signatures

Loads dropped Dex/Jar 6 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/data/com.crting.chat/.jiagu/classes.dex	4264	com.crting.chat
/data/data/com.crting.chat/.jiagu/classes.dex!classes2.dex	4264	com.crting.chat
/data/data/com.crting.chat/.jiagu/classes.dex!classes3.dex	4264	com.crting.chat
/data/data/com.crting.chat/.jiagu/tmp.dex	4264	com.crting.chat
/data/data/com.crting.chat/.jiagu/tmp.dex	4321	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.crting.chat/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.crting.chat/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
/data/data/com.crting.chat/.jiagu/tmp.dex	4264	com.crting.chat

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.crting.chat

com.crting.chat
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data)
PID:4264
- chmod 755 /data/data/com.crting.chat/.jiagu/libjiagu.so
  2⤵
  PID:4288
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/data/com.crting.chat/.jiagu/tmp.dex --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/data/com.crting.chat/.jiagu/oat/x86/tmp.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4321
- getprop ro.product.cpu.abi
  2⤵
  PID:4349
- /system/bin/dex2oat --instruction-set=x86 --dex-file=/data/data/com.crting.chat/.jiagu/classes.dex --dex-file=/data/data/com.crting.chat/.jiagu/classes.dex!classes2.dex --dex-file=/data/data/com.crting.chat/.jiagu/classes.dex!classes3.dex --oat-file=/data/data/com.crting.chat/.jiagu/oat/x86/classes.odex --inline-max-code-units=0 --compiler-filter=speed
  2⤵
  PID:4411

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.crting.chat/.jiagu/.jgck

Filesize
4B

MD5
4c45d17d56dd9a6d9dcc075e40afe214

SHA1
ac5185eb98ed60fc7f80508997ca55beeda6bbae

SHA256
d768b53094b41199ee7cf1017b238266c51b5e5ea75a18b5d9d93aa18f891e05

SHA512
67b4f5949781cdda5914865618bb4724c7b26253844edbf0c47c504ddb2b9a5b3e567d0a4260512f2fdbe0cffd1fe8212808df506e36701a35f693b99502294b

Download Submit
/data/data/com.crting.chat/.jiagu/classes.dex

Filesize
6.2MB

MD5
732c2c0cbdaab0dd52e56bf0be822841

SHA1
6644cf99f92ba3cd0d1e22a0cc244a8b28f619cb

SHA256
cf9db3324c085c10ca36ceede5d1307073bc0a850af1c013f156004cd1f4d234

SHA512
be924ff3a0176dd61cc438bc25b7d5cc45e6301f21826cbd544e0781d31b74b8494fb2269015d2fdf554e5c4ed1b60884f867bc2582a7c1a35c1f6e3628caaa1

Download Submit
/data/data/com.crting.chat/.jiagu/classes.dex

Filesize
6.1MB

MD5
0968d56d265e35e23557ac2e57dded5b

SHA1
8ccd7ffe7155762c3c7cf9e41cafd010f861f026

SHA256
d8ee52eb2da4c1312ca2f773f5f2b28b273403312dd7f041754f19f99c472b80

SHA512
7c825d98ed458a16e27d6a06285b46d60a87913bbb2dfb97a071125c5800338a6edc5b925d101465a446bde9bc85fbce478500eed3e07457ed7e859c7c98ca2d

Download Submit
/data/data/com.crting.chat/.jiagu/classes.dex!classes2.dex

Filesize
5.5MB

MD5
668d2f6bcbf4e6eed5b341bd33db50c5

SHA1
129605ed45050cd305ebf58f994a7e5d36bc7164

SHA256
580853114180883e59b3ed6a0f27fb51bbe0c0933ba9a1a1aa14d6edc157e4e4

SHA512
990d3b044f989a823f884f871a026c65be57458fe2adacafb5fa6ba32c21a7e76540a288d266d9514ed522eddb91e4ff4e92c12333dddb18e336e45345d78aef

Download Submit
/data/data/com.crting.chat/.jiagu/classes.dex!classes3.dex

Filesize
1.0MB

MD5
5ba5a1db63f7d9c1f2b97662a4587a5f

SHA1
ac6ebb7b59b4bfceda6f29e01c8f2a9f46967e36

SHA256
cfa7f2357139f5b577d488e289e6453eb338d849643c7a4c8b4e9726f2cc5c0b

SHA512
b3af15912bd02fabb4b3b99294122f48168a2715d20118bd660ffa7e8b63368fc693f510a7d76afc08692f55aaf917d65fa187b2d32041a869a73d4726b3cd67

Download Submit
/data/data/com.crting.chat/.jiagu/libjiagu.so

Filesize
455KB

MD5
e5a53000766ebc433b27d6a66ec4f555

SHA1
2c8f53f1c03aec2005bcad67d731f07261dabde0

SHA256
78e4ea857f10c2df6c7b94f0584524b52ecc099ed29478fe3964037b8a86ed2e

SHA512
370a1cb93b14556ad861724f4e9995c9a4c6d37cf2d570f888d1c6000c66d27ac63496b0703361e9fc9bc7f309b7aa4407c5f339d186b0a5b72520d23d04b68d

Download Submit
/data/data/com.crting.chat/.jiagu/tmp.dex

Filesize
284B

MD5
f1771b68f5f9b168b79ff59ae2daabe4

SHA1
0df6a835559f5c99670214a12700e7d8c28e5a42

SHA256
9f8898ce35a47aeafced99ea0d17c33e73037bb2307c7688e50819966f4ae939

SHA512
dae27d19727b89bec49398503baa6801640540355688dfabbe689c97545295c2c2d9b0f0dcd7cbc4cfbf701d0c0c3289e647a152f49ff242d1ecc741efe4145d

Download Submit
/data/data/com.crting.chat/cache/image_manager_disk_cache/31cc5930404458cb94cd11bd32bc8ab75a1df9c805cfdd587c6eb04b3a7de3f2.0.tmp

Filesize
37KB

MD5
c0b777b677a368a932831a096d6c86c2

SHA1
2b45fd49ba86126b404de677b29409330ab44d4e

SHA256
ca91fc7776b7c05ce20d59c5c741fb6881dd13003abb76e137e09cc5ef896623

SHA512
eda6b9c5fa6be3ea3524edc9512bfc61d9a0762174d2bc5aa88329499cbc1cae839f5d457a8deccddbf7e6ab77d2c9b8aefaffed4756ab27f2a6bf7d94635c08

Download Submit
/data/data/com.crting.chat/cache/image_manager_disk_cache/journal.tmp

Filesize
31B

MD5
8c92de9ce46d41a22f3b20f77404cc1d

SHA1
8671a6dca00edb72be47363a7071be65cf270373

SHA256
68bb33ddeed9200be85a71f70b377985f9ee68e91578afbde8321463396f1274

SHA512
30f45fe9954215d6adafcc8f0a060a7ff41963a64f9b849a37f0d18fe045038d429ec13bf15226769c4ba78dad3c52f3d9e0dbbb4fcdea4828a1efe956e48f56

Download Submit
/data/data/com.crting.chat/databases/chat_.db

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.crting.chat/databases/chat_.db-journal

Filesize
512B

MD5
96fe30ff9bcdb5fb988df3e56e67832f

SHA1
b316291fdff0a07c54dfcf5ef1da93d9e9571bbe

SHA256
535cad1fb9c30c3a80dcc56125ea73cb78ea7409056e3c9d2e613fcf3b4c0f39

SHA512
b88fd18d3e991c607d37d74e821d7e66786b25a8d409bbbdd626e3b524c59d0251453ba7ebc63d513c5ca2a0260835278d31486d8ab82b9da84522a06bcfa67f

Download Submit
/data/data/com.crting.chat/databases/chat_.db-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.crting.chat/databases/chat_.db-wal

Filesize
68KB

MD5
f2881c63111ac3e77c3106e93a2c7e7c

SHA1
316eb95d983dba9af2a27cb76802d729042988f5

SHA256
4633f2b77f6ae241b21664646f23454633db668f0bc2f5cbe53e27c567408c16

SHA512
b20da41bec5415b146790dda671076fa318840dea34d2e7004477ba7c1382edfe9df4f7dd399ec6819cc4b1c1ac3aa5a44136927264ad6fe48f6538bfeff8557

Download Submit
/data/data/com.crting.chat/files/config.json

Filesize
34B

MD5
872276bdfbae286c5260bac1d620eaba

SHA1
c410764a3bf51febbd2740a4f07a4d4190f5d82c

SHA256
a1ab9f8a4e536a867fad0f066188a21b88aef90eab9e0f687e94af3f9f70f840

SHA512
bfd0290eeba51e228ddaeea0a0efa344a6e57c9099dc801f406a79fc4aeae42888a17fb2ff0e3a096113cbdefb50ba1ae4bb6e882d1a0cfaf96c15fcbae93927

Download Submit
/storage/emulated/0/Android/data/com.crting.chat/crting-chat#crtingchat/core_log/easemob.log

Filesize
1KB

MD5
7dd725070b34aa67c56e36ffbc22a12b

SHA1
b24c5dd37b5909465ef6d80562c4266eea613d20

SHA256
31d916add7237009dafd35050f28837c59a2f7e20ba44c6b590f462cb7b473bf

SHA512
2edba90805b4bcf4f8ab6ef79c7f4981682064dc89e435877920ca7c6b515585ffffd731990f6173f3c7f5763cc7ccbae909b3c169bb7137463431a900c19ce0

Download Submit
/storage/emulated/0/Android/data/com.crting.chat/files/tbslog/tbslog.txt

Filesize
5KB

MD5
a75f2dc986b606fb0e5ceec7e9a38963

SHA1
fa8f8236d6a588991ee5a9fc792abbb8b6b06af4

SHA256
c408bb9a97cf6d01e1c093fefe07eb9e12e626021d0724e4562ca60e061066a0

SHA512
dbfbb748ad6299a322d557e9267660fd9a2ab1d9416e6ac61f57a10ce15d93f01c19a26d614787e0aebb093b2f219ba94ef09b4f06d25ce2c9f7c3896eb05a7f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads